Back to skill

Security audit

Chinese Bedtime Story Generator

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it claims: generate Chinese bedtime stories and optional audio, while saving local story outputs and using external AI/TTS services.

Install only if you are comfortable sending the provided child profile details and generated story text to the configured LLM and TTS services. Prefer nicknames instead of real names, review provider privacy terms, and periodically delete the local outputs directory if using a shared or backed-up machine.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (9)

Lp3

Medium
Category
MCP Least Privilege
Confidence
95% confidence
Finding
The skill documentation advertises use of environment variables, filesystem reads/writes, and network-backed LLM/TTS services, yet no explicit permissions are declared. This creates a transparency and governance gap: users or platforms cannot accurately assess what resources the skill will access before execution. In this context, the risk is elevated because the skill handles child-related personalization data and persists state across runs.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill writes persistent outputs including story text, audio files, and a state file containing child name, age, interests, and continuity data, but the user-facing description does not warn about this retention. Persistent storage of child-related data can lead to unintended disclosure on shared systems or later reuse beyond user expectations.

Missing User Warnings

High
Confidence
97% confidence
Finding
The skill sends personalized child inputs and generated story content to external LLM and TTS services, but the description does not clearly warn users that this data may leave the local environment. Because the inputs include child-identifying and preference data, undisclosed third-party transmission creates a significant privacy risk and may conflict with user expectations or policy requirements.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill sends child name, age, interests, and generated story text to external LLM and TTS providers without any explicit consent flow, minimization, or privacy warning in the code path. Because this skill is specifically for children, transmitting child-related data to third-party services raises elevated privacy and compliance risk.

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.30.0
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
95% confidence
Finding
openai>=1.30.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.30.0
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
98% confidence
Finding
requests>=2.31.0

Unpinned Dependencies

Low
Category
Supply Chain
Content
openai>=1.30.0
requests>=2.31.0
python-dotenv>=1.0.0
Confidence
93% confidence
Finding
python-dotenv>=1.0.0

Known Vulnerable Dependency: requests — 10 advisory(ies): CVE-2014-1830 (Exposure of Sensitive Information to an Unauthorized Actor in Requests); CVE-2024-47081 (Requests vulnerable to .netrc credentials leak via malicious URLs); CVE-2024-35195 (Requests `Session` object does not verify requests after making first request wi) +7 more

High
Category
Supply Chain
Confidence
94% confidence
Finding
requests

Known Vulnerable Dependency: python-dotenv — 1 advisory(ies): CVE-2026-28684 (python-dotenv: Symlink following in set_key allows arbitrary file overwrite via )

Low
Category
Supply Chain
Confidence
79% confidence
Finding
python-dotenv

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.